What to know about KRACK Attack

Yesterday, 16/Oct/2017, a vulnerability was disclosed that affects all WPA and WPA2 handshakes. It allows attackers to override your Wi-Fi encryption and set up a MITM to sniff all your packets, capturing user credentials and more.

How does it work?

In this video you can see a demonstration of how this vulnerability is implemented:

How do I protect myself?

Update your system, router, mobile device, etc.
Most vendors have already released a patch; you can find more detailed information about this here

They are currently investigating this security issue and will release updates if needed. Also EOM and EOS products will be updated, according to LINK

2017-10-17

2017-10-17

Barracuda Networks

No Known Official Response

N/A

2017-10-17

2017-10-17

Belkin, Linksys, and Wemo

No Known Official Response

"Belkin Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required."

Errata patches for the wireless stack have been released for OpenBSD 6.1 and 6.0. State transition errors could cause reinstallation of old WPA keys. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages. As this affects the kernel, a reboot will be needed after patching.

2017-10-16

2017-10-16

Pakedge

No Known Official Response

Via @spike411 "They have acknowledged they have received my enquiry but don’t have any info about the state of this vulnerability in their products."

Update (20171002 01:38): The fixes for raspbian Jessie and Stretch should now be in the public raspbian repo. The fix for raspbian buster should follow in a few hours. I do not know if/when there will be a fix for wheezy. source: LINK

2017-10-17

2017-10-17

Red Hat, Inc.

This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. LINK

N/A

2017-10-16

2017-10-16

28 Aug 2017

Ring

No Known Official Response

Per support "They promise to update public shortly, actively working with developers."

2017-10-17

2017-10-17

Ruckus Wireless

Refer to Ruckus Support. Security patches from Ruckus are forthcoming and will be posted as they are available. LINKPDF

Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

From what I've read, the exploit has been known for 5-6 months but wasn't shared with the public, and Android/iOS will wait until next month (November). Android (all the manufacturers) have a low adoption rate regarding the updates, so the vulnerable devices will exist for a long time (XP is still running somewhere 😜).

Really great article with concrete information applicable to a range of technologies. Thanks!

To bulk up the "How does it work?" section and give a bit more background information, here is the link to a blog I wrote. It includes more details on the KRACK attack and what vulnerabilities in the WPA2 protocol made the attack possible: